The purpose of these guidelines is to provide specific best practices for managing university records. The guidelines support the University Records Policy and outline basic steps to help departments comply with the policy.
Tufts University: Faculty, staff, and administrators who manage university records.
February 22, 2007
Digital Collections and Archives
|From the University Records Policy
University Records Definition
Records are information fixed on any media. University records are those that Tufts employees create or receive in any format in the course of university business. University records are the property of Tufts University. University records exist in a variety of forms, including but not limited to, paper and electronic documents, microforms, audio and video recordings, databases, and electronic mail messages. University records include but are not limited to minutes; correspondence; memoranda; financial records, such as invoices, journals, ledgers, purchase orders, grant documentation, and other information pertaining to fiscal matters; published materials, including reports and newsletters; moving images and photographs; sound recordings; drawings and maps; and computer data or other machine readable electronic records, including electronic mail. Typically, but not necessarily, university records fall into the following categories: personnel (staff and faculty), student, alumni, financial, research administration, health and safety, physical plant, and general administration and management records.
The following records and documents are not university records.
Best Practices for Managing Records
Departments should manage their university records in a trustworthy manner that ensures their authenticity. In order to do this, departments and offices should:
All departments and offices should create university records that accurately document their core activities. To do this departments and offices should:
- Determine what records they need to create and use to conduct their business.
- Determine which of their department or office members has the responsibility and authority to create their records.
- Incorporate their records creation activities and responsibilities into their own policies and procedures.
- Periodically review their records creation procedures.
All departments and offices should store their university records in a safe, stable, and secure manner that supports their timely and accurate retrieval and appropriate controls on their accessibility. To do this departments and offices should:
- Develop filing, classification, and/or indexing systems for their records that all of their department or office members understand and follow. These systems need not be complex–they only need to enable people to find the appropriate records quickly.
- Know the location of all of their records.
- Store their records in stable environments. For the physical storage of records this means storing records in dry and clean areas that are protected from the elements and have appropriate temperature and humidity levels. For the electronic storage of records this means ensuring that records are stored on stable media and in readable software formats.
- Periodically check the stability of their physical and electronic storage environments.
- Ensure that their physical and electronic records storage areas are secure. Know who has access to their physical storage areas. Make sure these areas are locked when unattended. For their electronic records storage areas, ensure that they are complying with the University’s Information Technology Resource Security Policy.
- Determine the confidentiality and privacy status of all of their records. A variety of internal policies, such as the Digital Collections and Archives’ General Policy on Access to University Records, or external laws and regulations, such as FERPA (Family Educational Rights and Privacy Act) and HIPAA (Health Insurance Portability and Accountability Act), may help departments and offices determine the confidentiality and privacy status of their records.
- Know who has the proper authority to view their records.
- Ensure that their records storage security measures meet the confidentiality and privacy needs of their records.
- Periodically review their records storage security measures.
- Document their records organization system, storage locations, and security procedures in their own policies and procedures.
All departments and offices should know what they need to do with their university records once they no longer actively use them. Usually, departments and offices either confidentially destroy their records or transfer them to the Digital Collections and Archives (DCA) for permanent retention. The University Records Policy gives the DCA the authority and responsibility to determine the appropriate disposition for university records in consultation with the necessary faculty, staff, and administrators. The DCA has the authority and responsibility to articulate these disposition decisions in records retention schedules. In order to determine and properly undertake the disposition of their records and comply with the University Records Policy, departments and offices should:
- Consult the University’s records retention schedules to determine the disposition of their records.
- Contact the Digital Collections and Archives for assistance in interpreting the records schedules or creating new schedules if needed.
- Ensure that they not destroy university records that are currently part of, or are likely to be part of, any legal action or proceeding, litigation, audit, investigation, or review, even if the records retention schedules or other policies or procedures indicate that the records are eligible for destruction. Procedures for responding to subpoenas that require the timely production of records or information pertaining to specific individuals or entities involved in potential or ongoing litigation are governed by the University’s Subpoenas for University Records Policy .
Confidential Records Destruction
All departments and offices should destroy in a confidential manner their university records that require destruction. Departments and offices can only use the general trash or recycling to destroy records and documents that have a wide and open distribution at the time of their creation, such as publications. All other records should be destroyed in a confidential manner. To confidentially destroy records departments and offices should:
- Ensure that they truly destroy electronic records when deleting files.
- Employ the services of a confidential records destruction vendor or use a cross-shredder to shred paper records.
- Consult the Digital Collections and Archives’ instructions on Confidential Records Destruction for more information.
All departments and offices should ensure that their recordkeeping practices are in compliance with applicable Tufts policies and external laws, regulations, standards, and professional ethics. To be compliant in its recordkeeping activities departments and offices should:
- Identify and track changes to the applicable Tufts polices and external laws, regulations, standards, and professional ethics.
- Ensure that its staff understands the applicable Tufts policies and external laws, regulations, standards, and professional ethics.
- Not undertake any recordkeeping activity that does not comply with applicable Tufts policies and external laws, regulations, standards, and professional ethics.
- Be able to demonstrate its recordkeeping compliance with applicable Tufts policies and external laws, regulations, standards, and professional ethics.
For advice on following these guidelines, departments should consult the Digital Collections and Archives.